Description:
Multiple vulnerabilities were reported in Dnsmasq. A remote user can execute arbitrary code on the target system. A remote user can cause the target service to crash. A remote user can obtain potentially sensitive information on the target system.

A remote user can send specially crafted DNS packets to trigger a heap overflow and execute arbitrary code on the target system [CVE-2017-14491].

A remote user on the local network can send specially crafted IPv6 router advertisement (RA) messages to trigger a heap overflow and execute arbitrary code on the target system [CVE-2017-14492]. Systems using the enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless configuration options are affected.

A remote user on the local network can send a specially crafted DHCPv6 request to trigger a stack overflow and execute arbitrary code on the target system [CVE-2017-14493].

A remote user on the local network can send specially crafted DHCPv6 packets to trigger a flaw in the DHCPv6 relay code and obtain potentially sensitive information from process memory on the target system [CVE-2017-14494].

A remote user can send specially crafted DNS packets to cause the add_pseudoheader() function to allocate memory that is never freed, consuming excessive memory on the target system [CVE-2017-14495].

A remote user can send specially crafted DNS packets to trigger an integer underflow and subsequent buffer over-read error in the EDNS0 code and cause the target service to crash [CVE-2017-14496]. Systems using the add-mac, add-cpe-id, or add-subnet configuration options are affected.

A remote user can send a specially crafted DNS query to cause the target service to crash, due to a regression error in a security fix in version 2.77 [CVE-2017-13704].
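
The option lists given above for CVE-2017-14492 and CVE-2017-14496 can be checked against a configuration file. The following is an added example, not part of the original advisory or of Dnsmasq: the function name and the sample configuration are constructed, and the script assumes a single file (it does not follow conf-file or conf-dir includes, command-line options, or quoted '#' characters).

```python
import re

# Option names exactly as the advisory lists them for each flaw.
EXPOSURE = {
    "CVE-2017-14492": {"enable-ra", "ra-only", "slaac", "ra-names",
                       "ra-advrouter", "ra-stateless"},
    "CVE-2017-14496": {"add-mac", "add-cpe-id", "add-subnet"},
}

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
# constructed sample
interface=eth0
dhcp-range=::100,::1ff,constructor:eth0,ra-names,slaac,12h
#enable-ra
add-mac
add-subnet=24,96
server=192.0.2.53  # add-cpe-id mentioned only in a comment
"""


def audit_dnsmasq_conf(text):
    """Return {cve: sorted [(line_no, option)]} for affected options in use."""
    findings = {cve: set() for cve in EXPOSURE}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # A '#' at line start or after whitespace begins a comment.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        tokens = {key.strip()}
        # The RA modes other than enable-ra are keywords inside dhcp-range,
        # so its comma-separated fields have to be inspected as well.
        if key.strip() == "dhcp-range":
            tokens |= {field.strip() for field in value.split(",")}
        for cve, options in EXPOSURE.items():
            findings[cve] |= {(line_no, opt) for opt in tokens & options}
    return {cve: sorted(hits) for cve, hits in findings.items()}


if __name__ == "__main__":
    for cve, hits in audit_dnsmasq_conf(SAMPLE_CONF).items():
        for line_no, opt in hits:
            print(f"{cve}: line {line_no} uses {opt}")
```

An empty result only covers the two flaws that the advisory ties to configuration options; the other issues listed are not gated on any option named here.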